France is investigating whether “foreign interference” was behind remote access trojan (RAT) malware that was discovered on a passenger ferry.
The ferry malware was “capable of allowing the vessel’s operating systems to be controlled remotely,” Le Monde reported today, citing the Interior Minister.
Interior Minister Laurent Nuñez told France Info radio that hacking into a ship’s data-processing system “is a very serious matter … Investigators are obviously looking into interference. Yes, foreign interference.”
Nuñez would not speculate if the attack was intended to interfere with the ship’s navigation and he did not specifically name Russia, but he said, “These days, one country is very often behind foreign interference.”
The office of the Paris prosecutor said it had opened an investigation into a suspected attempt “by an organized group to attack an automated data-processing system, with the aim of serving the interests of a foreign power.”
Latvian Arrested in Ferry Malware Case
Two crew members, a Latvian and a Bulgarian, were detained after they were identified by Italian authorities, but the Bulgarian was later released.
The Latvian was arrested and charged after the malware was found on the 2,000-passenger capacity ferry the Fantastic, which is owned by the Italian shipping company GNV, while it was docked in France’s Mediterranean port of Sète.
GNV said it had alerted Italian authorities, saying in a statement that it had “identified and neutralized an attempt at intrusion on the company’s computer systems, which are effectively protected. It was without consequences,” France 24 reported.
Christian Cevaer, director of the France Cyber Maritime monitor, told AFP that any attempt to take control of a ship would be a “critical risk” because of “serious physical consequences” that could endanger passengers.
Cevaer said such an operation would likely require a USB key to install the software, which would require “complicity within the crew.”
The investigation is being led by France’s domestic intelligence service, the General Directorate for Internal Security (DGSI), as a sign of the importance of the case, France 24 said.
After cordoning off the ship in the port, the Fantastic was inspected by the DGSI, “which led to the seizure of several items,” France 24 said.
After technical inspections ruled out any danger to passengers, the ship was cleared to sail again.
Searches were also conducted in Latvia with the support of Eurojust and Latvian authorities.
Meanwhile, the Latvian suspect’s attorney said the investigation “will demonstrate that this case is not as worrying as it may have initially seemed,” according to a quote from the attorney as reported by France 24.
Ferry Malware Follows French Interior Ministry Attack
The ferry malware incident closely follows a cyberattack on the French Interior Ministry’s internal email systems that led to the arrest of a 22-year-old man in connection with the attack.
The cyberattack was detected overnight between Thursday, December 11, and Friday, December 12, and resulted in unauthorized access to a number of document files.
Nuñez described the incident as more serious than initially believed. Speaking to France Info radio, he said, “It’s serious. A few days ago, I said that we didn’t know whether there had been any compromises or not. Now we know that there have been compromises, but we don’t know the extent of them.”
Authorities later confirmed that the compromised files included criminal records, raising concerns about the sensitivity of the exposed information.